|
|
|
@ -60,7 +60,7 @@ When ACF performs authorization check, it will examine the rules one by one from
|
|
|
|
|
a match. The `allow` value of the matching rule will then be used to judge if the user is authorized. If none |
|
|
|
|
of the rules matches, it means the user is NOT authorized and ACF will stop further action execution. |
|
|
|
|
|
|
|
|
|
By default, ACF does only of the followings when it determines a user is not authorized to access the current action: |
|
|
|
|
By default, ACF does only the following when it determines a user is not authorized to access the current action: |
|
|
|
|
|
|
|
|
|
* If the user is a guest, it will call [[yii\web\User::loginRequired()]], which may redirect the browser to the login page. |
|
|
|
|
* If the user is already authenticated, it will throw a [[yii\web\ForbiddenHttpException]]. |
|
|
|
|